using System;
using System.Net;
using System.Net.Sockets;
using ch.ethz.ssh2.auth;
using ch.ethz.ssh2.channel;
using ch.ethz.ssh2.crypto;
using ch.ethz.ssh2.crypto.cipher;
using ch.ethz.ssh2.crypto.digest;
using ch.ethz.ssh2.packets;
using ch.ethz.ssh2.transport;
using ch.ethz.ssh2.util;
using Org.BouncyCastle.Security;
namespace ch.ethz.ssh2
{

    /// <summary> A <code>Connection</code> is used to establish an encrypted TCP/IP
    /// connection to a SSH-2 server.
    /// <p>
    /// Typically, one
    /// <ol>
    /// <li>creates a {@link #Connection(String) Connection} object.</li>
    /// <li>calls the {@link #connect() connect()} method.</li>
    /// <li>calls some of the authentication methods (e.g., {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}).</li>
    /// <li>calls one or several times the {@link #openSession() openSession()} method.</li>
    /// <li>finally, one must close the connection and release resources with the {@link #close() close()} method.</li>
    /// </ol>
    /// 
    /// </summary>
    /// <author>  Christian Plattner
    /// </author>
    /// <version>  2.50, 03/15/10
    /// </version>

    public class Connection
    {

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <returns> The list of supported cipher algorithms by this implementation.
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getAvailableCiphers'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public static System.String[] AvailableCiphers
        {
            get
            {
                lock (typeof(ch.ethz.ssh2.Connection))
                {
                    return BlockCipherFactory.DefaultCipherList;
                }
            }
        }

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <returns> The list of supported MAC algorthims by this implementation.
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getAvailableMACs'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public static System.String[] AvailableMACs
        {
            get
            {
                lock (typeof(ch.ethz.ssh2.Connection))
                {
                    return MAC.MacList;
                }
            }
        }

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <returns> The list of supported server host key algorthims by this implementation.
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getAvailableServerHostKeyAlgorithms'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public static System.String[] AvailableServerHostKeyAlgorithms
        {
            get
            {
                lock (typeof(ch.ethz.ssh2.Connection))
                {
                    return KexManager.DefaultServerHostkeyAlgorithmList;
                }
            }
        }

        /// <summary> Returns the hostname that was passed to the constructor.
        /// 
        /// </summary>
        /// <returns> the hostname
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getHostname'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String Hostname
        {
            get
            {
                lock (this)
                {
                    return hostname;
                }
            }
        }

        /// <summary> Returns the port that was passed to the constructor.
        /// 
        /// </summary>
        /// <returns> the TCP port
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getPort'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual int Port
        {
            get
            {
                lock (this)
                {
                    return port;
                }
            }
        }

        /// <summary> Returns a {@link ConnectionInfo} object containing the details of
        /// the connection. Can be called as soon as the connection has been
        /// established (successfully connected).
        /// 
        /// </summary>
        /// <returns> A {@link ConnectionInfo} object.
        /// </returns>
        /// <throws>  IOException </throws>
        /// <summary>             In case of any failure behind the scenes.
        /// </summary>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getConnectionInfo'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual ConnectionInfo ConnectionInfo
        {
            get
            {
                lock (this)
                {
                    if (tm == null)
                        throw new System.SystemException("Cannot get details of connection, you need to establish a connection first.");
                    return tm.getConnectionInfo(1);
                }
            }
        }

        /// <summary> Determines if the authentication phase is complete. Can be called at any
        /// time.
        /// 
        /// </summary>
        /// <returns> <code>true</code> if no further authentication steps are
        /// needed.
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'isAuthenticationComplete'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool AuthenticationComplete
        {
            get
            {
                lock (this)
                {
                    return authenticated;
                }
            }
        }

        /// <summary> Returns true if there was at least one failed authentication request and
        /// the last failed authentication request was marked with "partial success"
        /// by the server. This is only needed in the rare case of SSH-2 server setups
        /// that cannot be satisfied with a single successful authentication request
        /// (i.e., multiple authentication steps are needed.)
        /// <p>
        /// If you are interested in the details, then have a look at RFC4252.
        /// 
        /// </summary>
        /// <returns> if the there was a failed authentication step and the last one
        /// was marked as a "partial success".
        /// </returns>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'isAuthenticationPartialSuccess'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool AuthenticationPartialSuccess
        {
            get
            {
                lock (this)
                {
                    if (am == null)
                        return false;

                    return am.PartialSuccess;
                }
            }
        }

        private SecureRandom SecureRND
        {
            get
            {
                if (generator == null)
                    generator = new SecureRandom();
                return generator;
            }
        }

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <param name="ciphers">
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setClient2ServerCiphers'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String[] Client2ServerCiphers
        {
            set
            {
                lock (this)
                {
                    if ((value == null) || (value.Length == 0))
                        throw new System.ArgumentException();
                    value = removeDuplicates(value);
                    BlockCipherFactory.checkCipherList(value);
                    cryptoWishList.c2s_enc_algos = value;
                }
            }
        }

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <param name="macs">
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setClient2ServerMACs'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String[] Client2ServerMACs
        {
            set
            {
                lock (this)
                {
                    if ((value == null) || (value.Length == 0))
                        throw new System.ArgumentException();
                    value = removeDuplicates(value);
                    MAC.checkMacList(value);
                    cryptoWishList.c2s_mac_algos = value;
                }
            }
        }

        /// <summary> Sets the parameters for the diffie-hellman group exchange. Unless you
        /// know what you are doing, you will never need this. Default values are
        /// defined in the {@link DHGexParameters} class.
        /// 
        /// </summary>
        /// <param name="dgp">{@link DHGexParameters}, non null.
        /// 
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setDHGexParameters'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual DHGexParameters DHGexParameters
        {
            set
            {
                lock (this)
                {
                    if (value == null)
                        throw new System.ArgumentException();

                    dhgexpara = value;
                }
            }
        }

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <param name="ciphers">
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setServer2ClientCiphers'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String[] Server2ClientCiphers
        {
            set
            {
                lock (this)
                {
                    if ((value == null) || (value.Length == 0))
                        throw new System.ArgumentException();
                    value = removeDuplicates(value);
                    BlockCipherFactory.checkCipherList(value);
                    cryptoWishList.s2c_enc_algos = value;
                }
            }
        }

        /// <summary> Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <param name="macs">
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setServer2ClientMACs'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String[] Server2ClientMACs
        {
            set
            {
                lock (this)
                {
                    if ((value == null) || (value.Length == 0))
                        throw new System.ArgumentException();

                    value = removeDuplicates(value);
                    MAC.checkMacList(value);
                    cryptoWishList.s2c_mac_algos = value;
                }
            }
        }

        /// <summary> Define the set of allowed server host key algorithms to be used for
        /// the following key exchange operations.
        /// <p>
        /// Unless you know what you are doing, you will never need this.
        /// 
        /// </summary>
        /// <param name="algos">An array of allowed server host key algorithms.
        /// SSH-2 defines <code>ssh-dss</code> and <code>ssh-rsa</code>.
        /// The entries of the array must be ordered after preference, i.e.,
        /// the entry at index 0 is the most preferred one. You must specify
        /// at least one entry.
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setServerHostKeyAlgorithms'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String[] ServerHostKeyAlgorithms
        {
            set
            {
                lock (this)
                {
                    if ((value == null) || (value.Length == 0))
                        throw new System.ArgumentException();

                    value = removeDuplicates(value);
                    KexManager.checkServerHostkeyAlgorithmsList(value);
                    cryptoWishList.serverHostKeyAlgorithms = value;
                }
            }
        }

        /// <summary> Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm) on the underlying socket.
        /// <p>
        /// Can be called at any time. If the connection has not yet been established
        /// then the passed value will be stored and set after the socket has been set up.
        /// The default value that will be used is <code>false</code>.
        /// 
        /// </summary>
        /// <param name="enable">the argument passed to the <code>Socket.setTCPNoDelay()</code> method.
        /// </param>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setTCPNoDelay'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool TCPNoDelay
        {
            set
            {
                lock (this)
                {
                    tcpNoDelay = value;

                    if (tm != null)
                        tm.TcpNoDelay = value;
                }
            }
        }

        /// <summary> Used to tell the library that the connection shall be established through a proxy server.
        /// It only makes sense to call this method before calling the {@link #connect() connect()}
        /// method.
        /// <p>
        /// At the moment, only HTTP proxies are supported.
        /// <p>
        /// Note: This method can be called any number of times. The {@link #connect() connect()}
        /// method will use the value set in the last preceding invocation of this method.
        /// 
        /// </summary>
        /// <seealso cref="HTTPProxyData">
        /// 
        /// </seealso>
        /// <param name="proxyData">Connection information about the proxy. If <code>null</code>, then
        /// no proxy will be used (non surprisingly, this is also the default).
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setProxyData'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual ProxyData ProxyData
        {
            set
            {
                lock (this)
                {
                    this.proxyData = value;
                }
            }
        }

        /// <summary> Provide your own instance of SecureRandom. Can be used, e.g., if you
        /// want to seed the used SecureRandom generator manually.
        /// <p>
        /// The SecureRandom instance is used during key exchanges, public key authentication,
        /// x11 cookie generation and the like.
        /// 
        /// </summary>
        /// <param name="rnd">a SecureRandom instance
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'setSecureRandom'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual SecureRandom SecureRandom
        {
            set
            {
                lock (this)
                {
                    if (value == null)
                        throw new System.ArgumentException();

                    this.generator = value;
                }
            }
        }

        /// <summary> The identifier presented to the SSH-2 server.</summary>
        public const System.String identification = "Ganymed Build_250";

        /* Will be used to generate all random data needed for the current connection.
        * Note: SecureRandom.nextBytes() is thread safe.
        */

        private SecureRandom generator;

        private ch.ethz.ssh2.auth.AuthenticationManager am;

        private bool authenticated = false;
        private ChannelManager cm;

        private CryptoWishList cryptoWishList = new CryptoWishList();

        private DHGexParameters dhgexpara = new DHGexParameters();

        //UPGRADE_NOTE: Final was removed from the declaration of 'hostname '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
        private System.String hostname;

        //UPGRADE_NOTE: Final was removed from the declaration of 'port '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
        private int port;

        private TransportManager tm;

        private bool tcpNoDelay = false;

        private ProxyData proxyData = null;

        private System.Collections.ArrayList connectionMonitors = System.Collections.ArrayList.Synchronized(new System.Collections.ArrayList(10));

        /// <summary> Prepares a fresh <code>Connection</code> object which can then be used
        /// to establish a connection to the specified SSH-2 server.
        /// <p>
        /// Same as {@link #Connection(String, int) Connection(hostname, 22)}. 
        /// 
        /// </summary>
        /// <param name="hostname">the hostname of the SSH-2 server.
        /// </param>
        public Connection(System.String hostname)
            : this(hostname, 22)
        {
        }

        /// <summary> Prepares a fresh <code>Connection</code> object which can then be used
        /// to establish a connection to the specified SSH-2 server.
        /// 
        /// </summary>
        /// <param name="hostname">the host where we later want to connect to.
        /// </param>
        /// <param name="port">port on the server, normally 22.
        /// </param>
        public Connection(System.String hostname, int port)
        {
            this.hostname = hostname;
            this.port = port;
        }

        /// <summary> After a successful connect, one has to authenticate oneself. This method
        /// is based on DSA (it uses DSA to sign a challenge sent by the server).
        /// <p>
        /// If the authentication phase is complete, <code>true</code> will be
        /// returned. If the server does not accept the request (or if further
        /// authentication steps are needed), <code>false</code> is returned and
        /// one can retry either by using this or any other authentication method
        /// (use the <code>getRemainingAuthMethods</code> method to get a list of
        /// the remaining possible methods).
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// </param>
        /// <param name="pem">A <code>String</code> containing the DSA private key of the
        /// user in OpenSSH key format (PEM, you can't miss the
        /// "-----BEGIN DSA PRIVATE KEY-----" tag). The string may contain
        /// linefeeds.
        /// </param>
        /// <param name="password">If the PEM string is 3DES encrypted ("DES-EDE3-CBC"), then you
        /// must specify the password. Otherwise, this argument will be
        /// ignored and can be set to <code>null</code>.
        /// 
        /// </param>
        /// <returns> whether the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        /// <summary> 
        /// </summary>
        /// <deprecated> You should use one of the {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}
        /// methods, this method is just a wrapper for it and will
        /// disappear in future builds.
        /// 
        /// </deprecated>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithDSA'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithDSA(System.String user, System.String pem, System.String password)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Connection is not established!");

                if (authenticated)
                    throw new System.SystemException("Connection is already authenticated!");

                if (am == null)
                    am = new ch.ethz.ssh2.auth.AuthenticationManager(tm);

                if (cm == null)
                    cm = new ChannelManager(tm);

                if (user == null)
                    throw new System.ArgumentException("user argument is null");

                if (pem == null)
                    throw new System.ArgumentException("pem argument is null");

                authenticated = am.authenticatePublicKey(user, pem.ToCharArray(), password, SecureRND);

                return authenticated;
            }
        }

        /// <summary> A wrapper that calls {@link #authenticateWithKeyboardInteractive(String, String[], InteractiveCallback)
        /// authenticateWithKeyboardInteractivewith} a <code>null</code> submethod list.
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// </param>
        /// <param name="cb">An <code>InteractiveCallback</code> which will be used to
        /// determine the responses to the questions asked by the server.
        /// </param>
        /// <returns> whether the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithKeyboardInteractive'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithKeyboardInteractive(System.String user, InteractiveCallback cb)
        {
            lock (this)
            {
                return authenticateWithKeyboardInteractive(user, null, cb);
            }
        }

        /// <summary> After a successful connect, one has to authenticate oneself. This method
        /// is based on "keyboard-interactive", specified in
        /// draft-ietf-secsh-auth-kbdinteract-XX. Basically, you have to define a
        /// callback object which will be feeded with challenges generated by the
        /// server. Answers are then sent back to the server. It is possible that the
        /// callback will be called several times during the invocation of this
        /// method (e.g., if the server replies to the callback's answer(s) with
        /// another challenge...)
        /// <p>
        /// If the authentication phase is complete, <code>true</code> will be
        /// returned. If the server does not accept the request (or if further
        /// authentication steps are needed), <code>false</code> is returned and
        /// one can retry either by using this or any other authentication method
        /// (use the <code>getRemainingAuthMethods</code> method to get a list of
        /// the remaining possible methods).
        /// <p>
        /// Note: some SSH servers advertise "keyboard-interactive", however, any
        /// interactive request will be denied (without having sent any challenge to
        /// the client).
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// </param>
        /// <param name="submethods">An array of submethod names, see
        /// draft-ietf-secsh-auth-kbdinteract-XX. May be <code>null</code>
        /// to indicate an empty list.
        /// </param>
        /// <param name="cb">An <code>InteractiveCallback</code> which will be used to
        /// determine the responses to the questions asked by the server.
        /// 
        /// </param>
        /// <returns> whether the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithKeyboardInteractive'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithKeyboardInteractive(System.String user, System.String[] submethods, InteractiveCallback cb)
        {
            lock (this)
            {
                if (cb == null)
                    throw new System.ArgumentException("Callback may not ne NULL!");

                if (tm == null)
                    throw new System.SystemException("Connection is not established!");

                if (authenticated)
                    throw new System.SystemException("Connection is already authenticated!");

                if (am == null)
                    am = new ch.ethz.ssh2.auth.AuthenticationManager(tm);

                if (cm == null)
                    cm = new ChannelManager(tm);

                if (user == null)
                    throw new System.ArgumentException("user argument is null");

                authenticated = am.authenticateInteractive(user, submethods, cb);

                return authenticated;
            }
        }

        /// <summary> After a successful connect, one has to authenticate oneself. This method
        /// sends username and password to the server.
        /// <p>
        /// If the authentication phase is complete, <code>true</code> will be
        /// returned. If the server does not accept the request (or if further
        /// authentication steps are needed), <code>false</code> is returned and
        /// one can retry either by using this or any other authentication method
        /// (use the <code>getRemainingAuthMethods</code> method to get a list of
        /// the remaining possible methods).
        /// <p>
        /// Note: if this method fails, then please double-check that it is actually
        /// offered by the server (use {@link #getRemainingAuthMethods(String) getRemainingAuthMethods()}.
        /// <p>
        /// Often, password authentication is disabled, but users are not aware of it.
        /// Many servers only offer "publickey" and "keyboard-interactive". However,
        /// even though "keyboard-interactive" *feels* like password authentication
        /// (e.g., when using the putty or openssh clients) it is *not* the same mechanism.
        /// 
        /// </summary>
        /// <param name="user">
        /// </param>
        /// <param name="password">
        /// </param>
        /// <returns> if the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithPassword'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithPassword(System.String user, System.String password)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Connection is not established!");

                if (authenticated)
                    throw new System.SystemException("Connection is already authenticated!");

                if (am == null)
                    am = new ch.ethz.ssh2.auth.AuthenticationManager(tm);

                if (cm == null)
                    cm = new ChannelManager(tm);

                if (user == null)
                    throw new System.ArgumentException("user argument is null");

                if (password == null)
                    throw new System.ArgumentException("password argument is null");

                authenticated = am.authenticatePassword(user, password);

                return authenticated;
            }
        }

        /// <summary> After a successful connect, one has to authenticate oneself.
        /// This method can be used to explicitly use the special "none"
        /// authentication method (where only a username has to be specified).
        /// <p>
        /// Note 1: The "none" method may always be tried by clients, however as by
        /// the specs, the server will not explicitly announce it. In other words,
        /// the "none" token will never show up in the list returned by
        /// {@link #getRemainingAuthMethods(String)}.
        /// <p>
        /// Note 2: no matter which one of the authenticateWithXXX() methods
        /// you call, the library will always issue exactly one initial "none"
        /// authentication request to retrieve the initially allowed list of
        /// authentication methods by the server. Please read RFC 4252 for the
        /// details.
        /// <p>
        /// If the authentication phase is complete, <code>true</code> will be
        /// returned. If further authentication steps are needed, <code>false</code>
        /// is returned and one can retry by any other authentication method
        /// (use the <code>getRemainingAuthMethods</code> method to get a list of
        /// the remaining possible methods).
        /// 
        /// </summary>
        /// <param name="user">
        /// </param>
        /// <returns> if the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithNone'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithNone(System.String user)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Connection is not established!");

                if (authenticated)
                    throw new System.SystemException("Connection is already authenticated!");

                if (am == null)
                    am = new ch.ethz.ssh2.auth.AuthenticationManager(tm);

                if (cm == null)
                    cm = new ChannelManager(tm);

                if (user == null)
                    throw new System.ArgumentException("user argument is null");

                /* Trigger the sending of the PacketUserauthRequestNone packet */
                /* (if not already done)                                       */

                authenticated = am.authenticateNone(user);

                return authenticated;
            }
        }

        /// <summary> After a successful connect, one has to authenticate oneself.
        /// The authentication method "publickey" works by signing a challenge
        /// sent by the server. The signature is either DSA or RSA based - it
        /// just depends on the type of private key you specify, either a DSA
        /// or RSA private key in PEM format. And yes, this is may seem to be a
        /// little confusing, the method is called "publickey" in the SSH-2 protocol
        /// specification, however since we need to generate a signature, you
        /// actually have to supply a private key =).
        /// <p>
        /// The private key contained in the PEM file may also be encrypted ("Proc-Type: 4,ENCRYPTED").
        /// The library supports DES-CBC and DES-EDE3-CBC encryption, as well
        /// as the more exotic PEM encrpytions AES-128-CBC, AES-192-CBC and AES-256-CBC.
        /// <p>
        /// If the authentication phase is complete, <code>true</code> will be
        /// returned. If the server does not accept the request (or if further
        /// authentication steps are needed), <code>false</code> is returned and
        /// one can retry either by using this or any other authentication method
        /// (use the <code>getRemainingAuthMethods</code> method to get a list of
        /// the remaining possible methods).
        /// <p>
        /// NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..."
        /// it is not in the expected format. You have to convert it to the OpenSSH
        /// key format by using the "puttygen" tool (can be downloaded from the Putty
        /// website). Simply load your key and then use the "Conversions/Export OpenSSH key"
        /// functionality to get a proper PEM file.
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// </param>
        /// <param name="pemPrivateKey">A <code>char[]</code> containing a DSA or RSA private key of the
        /// user in OpenSSH key format (PEM, you can't miss the
        /// "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
        /// tag). The char array may contain linebreaks/linefeeds.
        /// </param>
        /// <param name="password">If the PEM structure is encrypted ("Proc-Type: 4,ENCRYPTED") then
        /// you must specify a password. Otherwise, this argument will be ignored
        /// and can be set to <code>null</code>.
        /// 
        /// </param>
        /// <returns> whether the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithPublicKey'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithPublicKey(System.String user, char[] pemPrivateKey, System.String password)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Connection is not established!");

                if (authenticated)
                    throw new System.SystemException("Connection is already authenticated!");

                if (am == null)
                    am = new ch.ethz.ssh2.auth.AuthenticationManager(tm);

                if (cm == null)
                    cm = new ChannelManager(tm);

                if (user == null)
                    throw new System.ArgumentException("user argument is null");

                if (pemPrivateKey == null)
                    throw new System.ArgumentException("pemPrivateKey argument is null");

                authenticated = am.authenticatePublicKey(user, pemPrivateKey, password, SecureRND);

                return authenticated;
            }
        }

        /// <summary> A convenience wrapper function which reads in a private key (PEM format, either DSA or RSA)
        /// and then calls <code>authenticateWithPublicKey(String, char[], String)</code>.
        /// <p>
        /// NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..."
        /// it is not in the expected format. You have to convert it to the OpenSSH
        /// key format by using the "puttygen" tool (can be downloaded from the Putty
        /// website). Simply load your key and then use the "Conversions/Export OpenSSH key"
        /// functionality to get a proper PEM file.
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// </param>
        /// <param name="pemFile">A <code>File</code> object pointing to a file containing a DSA or RSA
        /// private key of the user in OpenSSH key format (PEM, you can't miss the
        /// "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
        /// tag).
        /// </param>
        /// <param name="password">If the PEM file is encrypted then you must specify the password.
        /// Otherwise, this argument will be ignored and can be set to <code>null</code>.
        /// 
        /// </param>
        /// <returns> whether the connection is now authenticated.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'authenticateWithPublicKey'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool authenticateWithPublicKey(System.String user, System.IO.FileInfo pemFile, System.String password)
        {
            lock (this)
            {
                if (pemFile == null)
                    throw new System.ArgumentException("pemFile argument is null");

                char[] buff = new char[256];

                System.IO.StringWriter cw = new System.IO.StringWriter();

                //UPGRADE_TODO: Constructor 'java.io.FileReader.FileReader' was converted to 'System.IO.StreamReader' which has a different behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073'"
                System.IO.StreamReader fr = new System.IO.StreamReader(pemFile.FullName, System.Text.Encoding.Default);

                while (true)
                {
                    //UPGRADE_TODO: Method 'java.io.Reader.read' was converted to 'System.IO.StreamReader.Read' which has a different behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1073_javaioReaderread_char[]'"
                    int len = fr.Read((System.Char[])buff, 0, buff.Length);
                    if (len < 0)
                        break;
                    cw.Write(buff, 0, len);
                }

                fr.Close();

                return authenticateWithPublicKey(user, cw.ToString().ToCharArray(), password);
            }
        }

        /// <summary> Add a {@link ConnectionMonitor} to this connection. Can be invoked at any time,
        /// but it is best to add connection monitors before invoking
        /// <code>connect()</code> to avoid glitches (e.g., you add a connection monitor after
        /// a successful connect(), but the connection has died in the mean time. Then,
        /// your connection monitor won't be notified.) 
        /// <p>
        /// You can add as many monitors as you like.
        /// 
        /// </summary>
        /// <seealso cref="ConnectionMonitor">
        /// 
        /// </seealso>
        /// <param name="cmon">An object implementing the <code>ConnectionMonitor</code> interface.
        /// </param>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'addConnectionMonitor'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void addConnectionMonitor(ConnectionMonitor cmon)
        {
            lock (this)
            {
                if (cmon == null)
                    throw new System.ArgumentException("cmon argument is null");

                connectionMonitors.Add(cmon);

                if (tm != null)
                    tm.ConnectionMonitors = connectionMonitors;
            }
        }

        /// <summary> Close the connection to the SSH-2 server. All assigned sessions will be
        /// closed, too. Can be called at any time. Don't forget to call this once
        /// you don't need a connection anymore - otherwise the receiver thread may
        /// run forever.
        /// </summary>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'close'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void close()
        {
            lock (this)
            {
                //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted to 'System.Exception' which has different behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
                System.Exception t = new System.Exception("Closed due to user request.");
                close(t, false);
            }
        }

        //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted to 'System.Exception' which has different behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
        private void close(System.Exception t, bool hard)
        {
            if (cm != null)
                cm.closeAllChannels();

            if (tm != null)
            {
                tm.close(t, hard == false);
                tm = null;
            }
            am = null;
            cm = null;
            authenticated = false;
        }

        /// <summary> Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(null, 0, 0)}.
        /// 
        /// </summary>
        /// <returns> see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'connect'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual ConnectionInfo connect()
        {
            lock (this)
            {
                return connect(null, 0, 0);
            }
        }

        /// <summary> Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(verifier, 0, 0)}.
        /// 
        /// </summary>
        /// <returns> see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'connect'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual ConnectionInfo connect(ServerHostKeyVerifier verifier)
        {
            lock (this)
            {
                return connect(verifier, 0, 0);
            }
        }

        /// <summary> Connect to the SSH-2 server and, as soon as the server has presented its
        /// host key, use the {@link ServerHostKeyVerifier#verifyServerHostKey(String,
        /// int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()}
        /// method of the <code>verifier</code> to ask for permission to proceed.
        /// If <code>verifier</code> is <code>null</code>, then any host key will be
        /// accepted - this is NOT recommended, since it makes man-in-the-middle attackes
        /// VERY easy (somebody could put a proxy SSH server between you and the real server).
        /// <p>
        /// Note: The verifier will be called before doing any crypto calculations
        /// (i.e., diffie-hellman). Therefore, if you don't like the presented host key then
        /// no CPU cycles are wasted (and the evil server has less information about us).
        /// <p>
        /// However, it is still possible that the server presented a fake host key: the server
        /// cheated (typically a sign for a man-in-the-middle attack) and is not able to generate
        /// a signature that matches its host key. Don't worry, the library will detect such
        /// a scenario later when checking the signature (the signature cannot be checked before
        /// having completed the diffie-hellman exchange).
        /// <p>
        /// Note 2: The  {@link ServerHostKeyVerifier#verifyServerHostKey(String,
        /// int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()} method
        /// will *NOT* be called from the current thread, the call is being made from a
        /// background thread (there is a background dispatcher thread for every
        /// established connection). 
        /// <p>
        /// Note 3: This method will block as long as the key exchange of the underlying connection
        /// has not been completed (and you have not specified any timeouts).
        /// <p>
        /// Note 4: If you want to re-use a connection object that was successfully connected,
        /// then you must call the {@link #close()} method before invoking <code>connect()</code> again.
        /// 
        /// </summary>
        /// <param name="verifier">An object that implements the
        /// {@link ServerHostKeyVerifier} interface. Pass <code>null</code>
        /// to accept any server host key - NOT recommended.
        /// 
        /// </param>
        /// <param name="connectTimeout">Connect the underlying TCP socket to the server with the given timeout
        /// value (non-negative, in milliseconds). Zero means no timeout. If a proxy is being
        /// used (see {@link #setProxyData(ProxyData)}), then this timeout is used for the
        /// connection establishment to the proxy.
        /// 
        /// </param>
        /// <param name="kexTimeout">Timeout for complete connection establishment (non-negative,
        /// in milliseconds). Zero means no timeout. The timeout counts from the
        /// moment you invoke the connect() method and is cancelled as soon as the
        /// first key-exchange round has finished. It is possible that
        /// the timeout event will be fired during the invocation of the
        /// <code>verifier</code> callback, but it will only have an effect after
        /// the <code>verifier</code> returns.
        /// 
        /// </param>
        /// <returns> A {@link ConnectionInfo} object containing the details of
        /// the established connection.
        /// 
        /// </returns>
        /// <throws>  IOException </throws>
        /// <summary>            If any problem occurs, e.g., the server's host key is not
        /// accepted by the <code>verifier</code> or there is problem during
        /// the initial crypto setup (e.g., the signature sent by the server is wrong).
        /// <p>
        /// In case of a timeout (either connectTimeout or kexTimeout)
        /// a SocketTimeoutException is thrown.
        /// <p>
        /// An exception may also be thrown if the connection was already successfully
        /// connected (no matter if the connection broke in the mean time) and you invoke
        /// <code>connect()</code> again without having called {@link #close()} first.
        /// <p>
        /// If a HTTP proxy is being used and the proxy refuses the connection,
        /// then a {@link HTTPProxyException} may be thrown, which
        /// contains the details returned by the proxy. If the proxy is buggy and does
        /// not return a proper HTTP response, then a normal IOException is thrown instead.        
        /// </summary>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'connect'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual ConnectionInfo connect(ServerHostKeyVerifier verifier, int connectTimeout, int kexTimeout)
        {
            lock (this)
            {

                if (tm != null)
                    throw new System.IO.IOException("Connection to " + hostname + " is already in connected state!");

                if (connectTimeout < 0)
                    throw new System.ArgumentException("connectTimeout must be non-negative!");

                if (kexTimeout < 0)
                    throw new System.ArgumentException("kexTimeout must be non-negative!");

                //UPGRADE_NOTE: Final was removed from the declaration of 'state '. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1003'"
                TimeoutState state = new TimeoutState();

                tm = new TransportManager(hostname, port);

                tm.ConnectionMonitors = connectionMonitors;

                /* Make sure that the runnable below will observe the new value of "tm"
                 * and "state" (the runnable will be executed in a different thread, which 
                 * may be already running, that is why we need a memory barrier here).
                 * See also the comment in Channel.java if you
                 * are interested in the details.
                 * 
                 * OKOK, this is paranoid since adding the runnable to the todo list
                 * of the TimeoutService will ensure that all writes have been flushed
                 * before the Runnable reads anything
                 * (there is a synchronized block in TimeoutService.addTimeoutHandler).
                 */

                lock (tm)
                {
                    /* We could actually synchronize on anything. */
                }


                try
                {
                    TimeoutService.TimeoutToken token = null;

                    if (kexTimeout > 0)
                    {
                        long timeoutHorizont = (System.DateTime.Now.Ticks - 621355968000000000) / 10000 + kexTimeout;

                        token = TimeoutService.addTimeoutHandler(timeoutHorizont, delegate()
                        {
                            lock (state)
                            {
                                if (state.isCancelled)
                                    return;
                                state.timeoutSocketClosed = true;
                                if (tm != null)
                                    tm.close(new SocketTimeoutException("The connect timeout expired"), false);
                            }
                        });
                    }

                    try
                    {
                        tm.initialize(cryptoWishList, verifier, dhgexpara, connectTimeout, SecureRND, proxyData);
                    }
                    catch (SocketTimeoutException se)
                    {
                        //throw (SocketTimeoutException) new SocketTimeoutException(se.ErrorCode,string.Format("The connect() operation on the socket timed out. {0}",se.Message));
                        throw se;
                    }

                    tm.TcpNoDelay = tcpNoDelay;

                    /* Wait until first KEX has finished */

                    ConnectionInfo ci = tm.getConnectionInfo(1);

                    /* Now try to cancel the timeout, if needed */

                    if (token != null)
                    {
                        TimeoutService.cancelTimeoutHandler(token);

                        /* Were we too late? */

                        lock (state)
                        {
                            if (state.timeoutSocketClosed)
                                throw new System.IO.IOException("This exception will be replaced by the one below =)");
                            /* Just in case the "cancelTimeoutHandler" invocation came just a little bit
                            * too late but the handler did not enter the semaphore yet - we can
                            * still stop it.
                            */
                            state.isCancelled = true;
                        }
                    }

                    return ci;
                }
                catch (SocketTimeoutException ste)
                {
                    throw ste;
                }
                catch (System.IO.IOException e1)
                {
                    /* This will also invoke any registered connection monitors */
                    //UPGRADE_NOTE: Exception 'java.lang.Throwable' was converted to 'System.Exception' which has different behavior. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1100'"
                    close(new System.Exception("There was a problem during connect."), false);

                    lock (state)
                    {
                        /* Show a clean exception, not something like "the socket is closed!?!" */
                        if (state.timeoutSocketClosed)
                            throw new SocketTimeoutException("The kexTimeout (" + kexTimeout + " ms) expired.");
                    }

                    /* Do not wrap a HTTPProxyException */
                    if (e1 is HTTPProxyException)
                        throw e1;

                    throw (System.IO.IOException)new System.IO.IOException("There was a problem while connecting to " + hostname + ":" + port, e1);
                }
            }
        }

        /// <summary> Creates a new {@link LocalPortForwarder}.
        /// A <code>LocalPortForwarder</code> forwards TCP/IP connections that arrive at a local
        /// port via the secure tunnel to another host (which may or may not be
        /// identical to the remote SSH-2 server).
        /// <p>
        /// This method must only be called after one has passed successfully the authentication step.
        /// There is no limit on the number of concurrent forwardings.
        /// 
        /// </summary>
        /// <param name="local_port">the local port the LocalPortForwarder shall bind to.
        /// </param>
        /// <param name="host_to_connect">target address (IP or hostname)
        /// </param>
        /// <param name="port_to_connect">target port
        /// </param>
        /// <returns> A {@link LocalPortForwarder} object.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'createLocalPortForwarder'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual LocalPortForwarder createLocalPortForwarder(int local_port, System.String host_to_connect, int port_to_connect)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Cannot forward ports, you need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("Cannot forward ports, connection is not authenticated.");

                return new LocalPortForwarder(cm, local_port, host_to_connect, port_to_connect);
            }
        }

        /// <summary> Creates a new {@link LocalPortForwarder}.
        /// A <code>LocalPortForwarder</code> forwards TCP/IP connections that arrive at a local
        /// port via the secure tunnel to another host (which may or may not be
        /// identical to the remote SSH-2 server).
        /// <p>
        /// This method must only be called after one has passed successfully the authentication step.
        /// There is no limit on the number of concurrent forwardings.
        /// 
        /// </summary>
        /// <param name="addr">specifies the IPEndPoint where the local socket shall be bound to.
        /// </param>
        /// <param name="host_to_connect">target address (IP or hostname)
        /// </param>
        /// <param name="port_to_connect">target port
        /// </param>
        /// <returns> A {@link LocalPortForwarder} object.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'createLocalPortForwarder'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual LocalPortForwarder createLocalPortForwarder(IPEndPoint addr, System.String host_to_connect, int port_to_connect)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Cannot forward ports, you need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("Cannot forward ports, connection is not authenticated.");

                return new LocalPortForwarder(cm, addr, host_to_connect, port_to_connect);
            }
        }

        /// <summary> Creates a new {@link LocalStreamForwarder}.
        /// A <code>LocalStreamForwarder</code> manages an Input/Outputstream pair
        /// that is being forwarded via the secure tunnel into a TCP/IP connection to another host
        /// (which may or may not be identical to the remote SSH-2 server).
        /// 
        /// </summary>
        /// <param name="host_to_connect">
        /// </param>
        /// <param name="port_to_connect">
        /// </param>
        /// <returns> A {@link LocalStreamForwarder} object.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'createLocalStreamForwarder'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual LocalStreamForwarder createLocalStreamForwarder(System.String host_to_connect, int port_to_connect)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Cannot forward, you need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("Cannot forward, connection is not authenticated.");

                return new LocalStreamForwarder(cm, host_to_connect, port_to_connect);
            }
        }

        /// <summary> Create a very basic {@link SCPClient} that can be used to copy
        /// files from/to the SSH-2 server.
        /// <p>
        /// Works only after one has passed successfully the authentication step.
        /// There is no limit on the number of concurrent SCP clients.
        /// <p>
        /// Note: This factory method will probably disappear in the future.
        /// 
        /// </summary>
        /// <returns> A {@link SCPClient} object.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'createSCPClient'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual SCPClient createSCPClient()
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Cannot create SCP client, you need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("Cannot create SCP client, connection is not authenticated.");

                return new SCPClient(this);
            }
        }

        /// <summary> Force an asynchronous key re-exchange (the call does not block). The
        /// latest values set for MAC, Cipher and DH group exchange parameters will
        /// be used. If a key exchange is currently in progress, then this method has
        /// the only effect that the so far specified parameters will be used for the
        /// next (server driven) key exchange.
        /// <p>
        /// Note: This implementation will never start a key exchange (other than the initial one)
        /// unless you or the SSH-2 server ask for it.
        /// 
        /// </summary>
        /// <throws>  IOException </throws>
        /// <summary>             In case of any failure behind the scenes.
        /// </summary>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'forceKeyExchange'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void forceKeyExchange()
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("You need to establish a connection first.");

                tm.forceKeyExchange(cryptoWishList, dhgexpara);
            }
        }

        /// <summary> After a successful connect, one has to authenticate oneself. This method
        /// can be used to tell which authentication methods are supported by the
        /// server at a certain stage of the authentication process (for the given
        /// username).
        /// <p>
        /// Note 1: the username will only be used if no authentication step was done
        /// so far (it will be used to ask the server for a list of possible
        /// authentication methods by sending the initial "none" request). Otherwise,
        /// this method ignores the user name and returns a cached method list
        /// (which is based on the information contained in the last negative server response).
        /// <p>
        /// Note 2: the server may return method names that are not supported by this
        /// implementation.
        /// <p>
        /// After a successful authentication, this method must not be called
        /// anymore.
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// 
        /// </param>
        /// <returns> a (possibly emtpy) array holding authentication method names.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'getRemainingAuthMethods'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual System.String[] getRemainingAuthMethods(System.String user)
        {
            lock (this)
            {
                if (user == null)
                    throw new System.ArgumentException("user argument may not be NULL!");

                if (tm == null)
                    throw new System.SystemException("Connection is not established!");

                if (authenticated)
                    throw new System.SystemException("Connection is already authenticated!");

                if (am == null)
                    am = new ch.ethz.ssh2.auth.AuthenticationManager(tm);

                if (cm == null)
                    cm = new ChannelManager(tm);

                return am.getRemainingMethods(user);
            }
        }

        /// <summary> Checks if a specified authentication method is available. This method is
        /// actually just a wrapper for {@link #getRemainingAuthMethods(String)
        /// getRemainingAuthMethods()}.
        /// 
        /// </summary>
        /// <param name="user">A <code>String</code> holding the username.
        /// </param>
        /// <param name="method">An authentication method name (e.g., "publickey", "password",
        /// "keyboard-interactive") as specified by the SSH-2 standard.
        /// </param>
        /// <returns> if the specified authentication method is currently available.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'isAuthMethodAvailable'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual bool isAuthMethodAvailable(System.String user, System.String method)
        {
            lock (this)
            {
                if (method == null)
                    throw new System.ArgumentException("method argument may not be NULL!");

                System.String[] methods = getRemainingAuthMethods(user);

                for (int i = 0; i < methods.Length; i++)
                {
                    if (String.CompareOrdinal(methods[i], method) == 0)
                        return true;
                }

                return false;
            }
        }

        /// <summary> Open a new {@link Session} on this connection. Works only after one has passed
        /// successfully the authentication step. There is no limit on the number of
        /// concurrent sessions.
        /// 
        /// </summary>
        /// <returns> A {@link Session} object.
        /// </returns>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'openSession'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual Session openSession()
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("Cannot open session, you need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("Cannot open session, connection is not authenticated.");

                return new Session(cm, SecureRND);
            }
        }

        /// <summary> Send an SSH_MSG_IGNORE packet. This method will generate a random data attribute
        /// (length between 0 (invlusive) and 16 (exclusive) bytes, contents are random bytes).
        /// <p>
        /// This method must only be called once the connection is established.
        /// 
        /// </summary>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'sendIgnorePacket'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void sendIgnorePacket()
        {
            lock (this)
            {
                SecureRandom rnd = SecureRND;

                byte[] data = new byte[rnd.Next(16)];
                rnd.NextBytes(data);
                sendIgnorePacket(data);
            }
        }

        /// <summary> Send an SSH_MSG_IGNORE packet with the given data attribute.
        /// <p>
        /// This method must only be called once the connection is established.
        /// 
        /// </summary>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'sendIgnorePacket'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void sendIgnorePacket(byte[] data)
        {
            lock (this)
            {
                if (data == null)
                    throw new System.ArgumentException("data argument must not be null.");

                if (tm == null)
                    throw new System.SystemException("Cannot send SSH_MSG_IGNORE packet, you need to establish a connection first.");

                PacketIgnore pi = new PacketIgnore();
                pi.Data = data;

                tm.sendMessage(pi.Payload);
            }
        }

        /// <summary> Removes duplicates from a String array, keeps only first occurence
        /// of each element. Does not destroy order of elements; can handle nulls.
        /// Uses a very efficient O(N^2) algorithm =)
        /// 
        /// </summary>
        /// <param name="list">a String array.
        /// </param>
        /// <returns> a cleaned String array.
        /// </returns>
        private System.String[] removeDuplicates(System.String[] list)
        {
            if ((list == null) || (list.Length < 2))
                return list;

            System.String[] list2 = new System.String[list.Length];

            int count = 0;

            for (int i = 0; i < list.Length; i++)
            {
                bool duplicate = false;

                System.String element = list[i];

                for (int j = 0; j < count; j++)
                {
                    if (((element == null) && (list2[j] == null)) || ((element != null) && (element.Equals(list2[j]))))
                    {
                        duplicate = true;
                        break;
                    }
                }

                if (duplicate)
                    continue;

                list2[count++] = list[i];
            }

            if (count == list2.Length)
                return list2;

            System.String[] tmp = new System.String[count];
            Array.Copy(list2, 0, tmp, 0, count);

            return tmp;
        }

        /// <summary> Request a remote port forwarding.
        /// If successful, then forwarded connections will be redirected to the given target address.
        /// You can cancle a requested remote port forwarding by calling
        /// {@link #cancelRemotePortForwarding(int) cancelRemotePortForwarding()}.
        /// <p>
        /// A call of this method will block until the peer either agreed or disagreed to your request-
        /// <p>
        /// Note 1: this method typically fails if you
        /// <ul>
        /// <li>pass a port number for which the used remote user has not enough permissions (i.e., port
        /// &lt; 1024)</li>
        /// <li>or pass a port number that is already in use on the remote server</li>
        /// <li>or if remote port forwarding is disabled on the server.</li>
        /// </ul>
        /// <p>
        /// Note 2: (from the openssh man page): By default, the listening socket on the server will be
        /// bound to the loopback interface only. This may be overriden by specifying a bind address.
        /// Specifying a remote bind address will only succeed if the server's <b>GatewayPorts</b> option
        /// is enabled (see sshd_config(5)).
        /// 
        /// </summary>
        /// <param name="bindAddress">address to bind to on the server:
        /// <ul>
        /// <li>"" means that connections are to be accepted on all protocol families
        /// supported by the SSH implementation</li>
        /// <li>"0.0.0.0" means to listen on all IPv4 addresses</li>
        /// <li>"::" means to listen on all IPv6 addresses</li>
        /// <li>"localhost" means to listen on all protocol families supported by the SSH
        /// implementation on loopback addresses only, [RFC3330] and RFC3513]</li>
        /// <li>"127.0.0.1" and "::1" indicate listening on the loopback interfaces for
        /// IPv4 and IPv6 respectively</li>
        /// </ul>
        /// </param>
        /// <param name="bindPort">port number to bind on the server (must be &gt; 0)
        /// </param>
        /// <param name="targetAddress">the target address (IP or hostname)
        /// </param>
        /// <param name="targetPort">the target port
        /// </param>
        /// <throws>  IOException </throws>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'requestRemotePortForwarding'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void requestRemotePortForwarding(System.String bindAddress, int bindPort, System.String targetAddress, int targetPort)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("You need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("The connection is not authenticated.");

                if ((bindAddress == null) || (targetAddress == null) || (bindPort <= 0) || (targetPort <= 0))
                    throw new System.ArgumentException();

                cm.requestGlobalForward(bindAddress, bindPort, targetAddress, targetPort);
            }
        }

        /// <summary> Cancel an earlier requested remote port forwarding. 
        /// Currently active forwardings will not be affected (e.g., disrupted).
        /// Note that further connection forwarding requests may be received until
        /// this method has returned.
        /// 
        /// </summary>
        /// <param name="bindPort">the allocated port number on the server
        /// </param>
        /// <throws>  IOException if the remote side refuses the cancel request or another low </throws>
        /// <summary>         level error occurs (e.g., the underlying connection is closed)
        /// </summary>
        //UPGRADE_NOTE: Synchronized keyword was removed from method 'cancelRemotePortForwarding'. Lock expression was added. "ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?index='!DefaultContextWindowIndex'&keyword='jlca1027'"
        public virtual void cancelRemotePortForwarding(int bindPort)
        {
            lock (this)
            {
                if (tm == null)
                    throw new System.SystemException("You need to establish a connection first.");

                if (!authenticated)
                    throw new System.SystemException("The connection is not authenticated.");

                cm.requestCancelGlobalForward(bindPort);
            }
        }

        sealed class TimeoutState
        {
            internal bool isCancelled = false;
            internal bool timeoutSocketClosed = false;
        }
    }
}
